see #1888 Added second input field for the conf file name, refatoring in CompilerDriver_pf to use QString mostly; The name of the generated .fw file is still taken from the -o option rather than output_file firewall option

src/compiler_lib/CompilerDriver.cpp

@@ -634,7 +634,8 @@ QString CompilerDriver::determineOutputFileName(Cluster *cluster,
                                                 bool cluster_member,
                                                 const QString &ext)
 {
-    QString current_firewall_name = current_fw->getName().c_str();
+    QString current_firewall_name = QString::fromUtf8(
+        current_fw->getName().c_str());
     if (!cluster_member)
     {
         // standalone firewall

src/libgui/pfAdvancedDialog.cpp

@@ -49,6 +49,7 @@
 #include <qregexp.h>
 #include <qtextedit.h>
 #include <QUndoStack>
+#include <QFileInfo>
 
 
 using namespace std;
@@ -80,12 +81,46 @@ pfAdvancedDialog::pfAdvancedDialog(QWidget *parent,FWObject *o)
         m_dialog->pf_fw_dir->setEnabled(false);
         fwopt->setStr("firewall_dir","");
     }
-    data.registerOption(m_dialog->ipv4before, fwopt, "ipv4_6_order", QStringList() <<  "IPv4 before IPv6" <<"ipv4_first" << "IPv6 before IPv4" << "ipv6_first");
+
+    // see #1888: we now support rc.conf format for the output
+    // Set variables for backwards compatibility for users who configured
+    // custom name for the output .fw script before.
+
+    if (!fwopt->getBool("generate_shell_script") &&
+        !fwopt->getBool("generate_rc_conf_file"))
+    {
+        fwopt->setBool("generate_shell_script", true);
+    }
+
+    QString init_script_name = fwopt->getStr("output_file").c_str();
+    QString conf_file_name = fwopt->getStr("conf_file").c_str();
+    if (!init_script_name.isEmpty() && conf_file_name.isEmpty())
+    {
+        QFileInfo fi(init_script_name);
+        if (fi.isRelative())
+        {
+            conf_file_name = QString(fi.completeBaseName() + ".conf");
+        } else
+        {
+            conf_file_name = QString(fi.path() + "/" +
+                                     fi.completeBaseName() + ".conf");
+        }
+        fwopt->setStr("conf_file", conf_file_name.toStdString());
+    }
+
+    data.registerOption(m_dialog->ipv4before, fwopt,
+                        "ipv4_6_order",
+                        QStringList() <<  "IPv4 before IPv6"
+                        <<"ipv4_first"
+                        << "IPv6 before IPv4"
+                        << "ipv6_first");
 
     data.registerOption( m_dialog->pf_log_prefix,fwopt, "log_prefix");
     data.registerOption( m_dialog->pf_fallback_log,fwopt, "fallback_log");
-    data.registerOption( m_dialog->pf_do_timeout_interval,fwopt,"pf_do_timeout_interval");
-    data.registerOption( m_dialog->pf_timeout_interval,fwopt, "pf_timeout_interval");
+    data.registerOption( m_dialog->pf_do_timeout_interval, fwopt,
+                         "pf_do_timeout_interval");
+    data.registerOption( m_dialog->pf_timeout_interval, fwopt,
+                         "pf_timeout_interval");
     data.registerOption( m_dialog->pf_do_timeout_frag,fwopt, "pf_do_timeout_frag");
     data.registerOption( m_dialog->pf_timeout_frag,fwopt, "pf_timeout_frag");
     data.registerOption( m_dialog->pf_do_limit_frags,fwopt, "pf_do_limit_frags");
@@ -184,45 +219,76 @@ pfAdvancedDialog::pfAdvancedDialog(QWidget *parent,FWObject *o)
 
     data.registerOption( m_dialog->compiler,fwopt, "compiler");
     data.registerOption( m_dialog->compilerArgs,fwopt, "cmdline");
+
+    data.registerOption( m_dialog->generateShellScript, fwopt,
+                         "generate_shell_script");
+    data.registerOption( m_dialog->generateRcConfFile, fwopt,
+                         "generate_rc_conf_file");
+
     data.registerOption( m_dialog->outputFileName, fwopt, "output_file");
-    data.registerOption( m_dialog->fileNameOnFw, fwopt, "script_name_on_firewall");
-    data.registerOption( m_dialog->confFileNameOnFw, fwopt, "conf_file_name_on_firewall");
+    data.registerOption( m_dialog->confFileName, fwopt, "conf_file");
+
+    data.registerOption( m_dialog->fileNameOnFw, fwopt,
+                         "script_name_on_firewall");
+    data.registerOption( m_dialog->confFileNameOnFw, fwopt,
+                         "conf_file_name_on_firewall");
 
     data.registerOption( m_dialog->mgmt_ssh,fwopt, "mgmt_ssh");
     data.registerOption( m_dialog->mgmt_addr,fwopt, "mgmt_addr");
 
     data.registerOption( m_dialog->pf_set_tcp_first, fwopt, "pf_set_tcp_first");
     data.registerOption( m_dialog->pf_tcp_first, fwopt, "pf_tcp_first");
-    data.registerOption( m_dialog->pf_set_tcp_opening, fwopt, "pf_set_tcp_opening");
+    data.registerOption( m_dialog->pf_set_tcp_opening, fwopt,
+                         "pf_set_tcp_opening");
     data.registerOption( m_dialog->pf_tcp_opening, fwopt, "pf_tcp_opening");
-    data.registerOption( m_dialog->pf_set_tcp_established, fwopt, "pf_set_tcp_established");
-    data.registerOption( m_dialog->pf_tcp_established, fwopt, "pf_tcp_established");
-    data.registerOption( m_dialog->pf_set_tcp_closing, fwopt, "pf_set_tcp_closing");
+    data.registerOption( m_dialog->pf_set_tcp_established, fwopt,
+                         "pf_set_tcp_established");
+    data.registerOption( m_dialog->pf_tcp_established, fwopt,
+                         "pf_tcp_established");
+    data.registerOption( m_dialog->pf_set_tcp_closing, fwopt,
+                         "pf_set_tcp_closing");
     data.registerOption( m_dialog->pf_tcp_closing, fwopt, "pf_tcp_closing");
-    data.registerOption( m_dialog->pf_set_tcp_finwait, fwopt, "pf_set_tcp_finwait");
-    data.registerOption( m_dialog->pf_tcp_finwait, fwopt, "pf_tcp_finwait");
-    data.registerOption( m_dialog->pf_set_tcp_closed, fwopt, "pf_set_tcp_closed");
-    data.registerOption( m_dialog->pf_tcp_closed, fwopt, "pf_tcp_closed");
-    data.registerOption( m_dialog->pf_set_udp_first, fwopt, "pf_set_udp_first");
-    data.registerOption( m_dialog->pf_udp_first, fwopt, "pf_udp_first");
-    data.registerOption( m_dialog->pf_set_udp_single, fwopt, "pf_set_udp_single");
+    data.registerOption( m_dialog->pf_set_tcp_finwait, fwopt,
+                         "pf_set_tcp_finwait");
+    data.registerOption( m_dialog->pf_tcp_finwait, fwopt,
+                         "pf_tcp_finwait");
+    data.registerOption( m_dialog->pf_set_tcp_closed, fwopt,
+                         "pf_set_tcp_closed");
+    data.registerOption( m_dialog->pf_tcp_closed, fwopt,
+                         "pf_tcp_closed");
+    data.registerOption( m_dialog->pf_set_udp_first, fwopt,
+                         "pf_set_udp_first");
+    data.registerOption( m_dialog->pf_udp_first, fwopt,
+                         "pf_udp_first");
+    data.registerOption( m_dialog->pf_set_udp_single, fwopt,
+                         "pf_set_udp_single");
     data.registerOption( m_dialog->pf_udp_single, fwopt, "pf_udp_single");
-    data.registerOption( m_dialog->pf_set_udp_multiple, fwopt, "pf_set_udp_multiple");
+    data.registerOption( m_dialog->pf_set_udp_multiple, fwopt,
+                         "pf_set_udp_multiple");
     data.registerOption( m_dialog->pf_udp_multiple, fwopt, "pf_udp_multiple");
-    data.registerOption( m_dialog->pf_set_icmp_first, fwopt, "pf_set_icmp_first");
+    data.registerOption( m_dialog->pf_set_icmp_first, fwopt,
+                         "pf_set_icmp_first");
     data.registerOption( m_dialog->pf_icmp_first, fwopt, "pf_icmp_first");
-    data.registerOption( m_dialog->pf_set_icmp_error, fwopt, "pf_set_icmp_error");
+    data.registerOption( m_dialog->pf_set_icmp_error, fwopt,
+                         "pf_set_icmp_error");
     data.registerOption( m_dialog->pf_icmp_error, fwopt, "pf_icmp_error");
-    data.registerOption( m_dialog->pf_set_other_first, fwopt, "pf_set_other_first");
+    data.registerOption( m_dialog->pf_set_other_first, fwopt,
+                         "pf_set_other_first");
     data.registerOption( m_dialog->pf_other_first, fwopt, "pf_other_first");
-    data.registerOption( m_dialog->pf_set_other_single, fwopt, "pf_set_other_single");
+    data.registerOption( m_dialog->pf_set_other_single, fwopt,
+                         "pf_set_other_single");
     data.registerOption( m_dialog->pf_other_single, fwopt, "pf_other_single");
-    data.registerOption( m_dialog->pf_set_other_multiple, fwopt, "pf_set_other_multiple");
-    data.registerOption( m_dialog->pf_other_multiple, fwopt, "pf_other_multiple");
+    data.registerOption( m_dialog->pf_set_other_multiple, fwopt,
+                         "pf_set_other_multiple");
+    data.registerOption( m_dialog->pf_other_multiple, fwopt,
+                         "pf_other_multiple");
 
-    data.registerOption( m_dialog->pf_set_adaptive, fwopt, "pf_set_adaptive");
-    data.registerOption( m_dialog->pf_adaptive_start, fwopt, "pf_adaptive_start");
-    data.registerOption( m_dialog->pf_adaptive_end, fwopt, "pf_adaptive_end");
+    data.registerOption( m_dialog->pf_set_adaptive, fwopt,
+                         "pf_set_adaptive");
+    data.registerOption( m_dialog->pf_adaptive_start, fwopt,
+                         "pf_adaptive_start");
+    data.registerOption( m_dialog->pf_adaptive_end, fwopt,
+                         "pf_adaptive_end");
 
     PolicyInstallScript *pis   = mgmt->getPolicyInstallScript();
 

src/libgui/pfadvanceddialog_q.ui

@@ -10,7 +10,7 @@
     <x>0</x>
     <y>0</y>
     <width>700</width>
-    <height>550</height>
+    <height>743</height>
    </rect>
   </property>
   <property name="maximumSize">
@@ -100,7 +100,7 @@
       <attribute name="title">
        <string>Compiler</string>
       </attribute>
-      <layout class="QGridLayout" name="gridLayout_8">
+      <layout class="QGridLayout" name="gridLayout_10">
        <item row="0" column="0">
         <widget class="QLabel" name="compilerLabel">
          <property name="text">
@@ -114,7 +114,7 @@
          </property>
         </widget>
        </item>
-       <item row="0" column="1">
+       <item row="0" column="2">
         <widget class="QLineEdit" name="compiler">
          <property name="maximumSize">
           <size>
@@ -124,230 +124,7 @@
          </property>
         </widget>
        </item>
-       <item row="5" column="0" colspan="2">
-        <widget class="QLabel" name="label_4">
-         <property name="text">
-          <string>Generated script (.fw file) and configuration (.conf) file can be copied to the firewall machine under different names. If these fields are left blank, the file name does not change.</string>
-         </property>
-         <property name="wordWrap">
-          <bool>true</bool>
-         </property>
-        </widget>
-       </item>
-       <item row="6" column="0">
-        <widget class="QLabel" name="label_2">
-         <property name="text">
-          <string>Script (.fw) file name on the firewall</string>
-         </property>
-        </widget>
-       </item>
-       <item row="6" column="1">
-        <widget class="QLineEdit" name="fileNameOnFw">
-         <property name="maximumSize">
-          <size>
-           <width>32767</width>
-           <height>22</height>
-          </size>
-         </property>
-        </widget>
-       </item>
-       <item row="7" column="0">
-        <widget class="QLabel" name="label_3">
-         <property name="text">
-          <string>.conf file name on the firewall</string>
-         </property>
-        </widget>
-       </item>
-       <item row="7" column="1">
-        <widget class="QLineEdit" name="confFileNameOnFw">
-         <property name="maximumSize">
-          <size>
-           <width>32767</width>
-           <height>22</height>
-          </size>
-         </property>
-        </widget>
-       </item>
-       <item row="8" column="0" colspan="2">
-        <widget class="QGroupBox" name="groupBox">
-         <property name="title">
-          <string/>
-         </property>
-         <property name="flat">
-          <bool>true</bool>
-         </property>
-         <layout class="QGridLayout" name="gridLayout_6">
-          <property name="margin">
-           <number>0</number>
-          </property>
-          <item row="0" column="0" colspan="5">
-           <widget class="QCheckBox" name="pf_accept_new_tcp_with_no_syn">
-            <property name="text">
-             <string>Accept TCP sessions opened prior to firewall restart</string>
-            </property>
-           </widget>
-          </item>
-          <item row="1" column="0" colspan="5">
-           <widget class="QCheckBox" name="pf_modulate_state">
-            <property name="sizePolicy">
-             <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
-              <horstretch>0</horstretch>
-              <verstretch>0</verstretch>
-             </sizepolicy>
-            </property>
-            <property name="text">
-             <string>Modulate state for all stateful rules (applies only to TCP services)</string>
-            </property>
-           </widget>
-          </item>
-          <item row="4" column="0">
-           <widget class="QLabel" name="textLabel3">
-            <property name="text">
-             <string>Optimization:</string>
-            </property>
-            <property name="alignment">
-             <set>Qt::AlignCenter</set>
-            </property>
-            <property name="wordWrap">
-             <bool>false</bool>
-            </property>
-           </widget>
-          </item>
-          <item row="4" column="1">
-           <widget class="QComboBox" name="pf_optimization"/>
-          </item>
-          <item row="4" column="2">
-           <widget class="QLabel" name="label_5">
-            <property name="text">
-             <string>State policy:</string>
-            </property>
-           </widget>
-          </item>
-          <item row="4" column="3">
-           <widget class="QComboBox" name="pf_state_policy">
-            <property name="toolTip">
-             <string>States can be bound to interfaces or match packets on any interface. The latter can be useful in case of an assymmetric routing.</string>
-            </property>
-           </widget>
-          </item>
-          <item row="4" column="5">
-           <spacer name="horizontalSpacer_2">
-            <property name="orientation">
-             <enum>Qt::Horizontal</enum>
-            </property>
-            <property name="sizeHint" stdset="0">
-             <size>
-              <width>40</width>
-              <height>20</height>
-             </size>
-            </property>
-           </spacer>
-          </item>
-          <item row="0" column="5">
-           <widget class="QCheckBox" name="pf_check_shadowing">
-            <property name="sizePolicy">
-             <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
-              <horstretch>0</horstretch>
-              <verstretch>0</verstretch>
-             </sizepolicy>
-            </property>
-            <property name="toolTip">
-             <string>Shadowing happens because a rule is a superset of a subsequent rule and any packets potentially matched by the subsequent rule have already been matched by the prior rule.</string>
-            </property>
-            <property name="text">
-             <string>Detect rule shadowing in policy</string>
-            </property>
-           </widget>
-          </item>
-          <item row="1" column="5">
-           <widget class="QCheckBox" name="pf_ignore_empty_groups">
-            <property name="sizePolicy">
-             <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
-              <horstretch>0</horstretch>
-              <verstretch>0</verstretch>
-             </sizepolicy>
-            </property>
-            <property name="toolTip">
-             <string>If the option is deactivated, compiler treats empty groups as an error and aborts processing the policy. If this option is activated, compiler removes all empty groups from all rule elements. If rule element becomes 'any' after the last empty group has been removed, the whole rule will be ignored. Use this option only if you fully understand how it works!</string>
-            </property>
-            <property name="text">
-             <string>Ignore empty groups in rules</string>
-            </property>
-           </widget>
-          </item>
-         </layout>
-        </widget>
-       </item>
-       <item row="9" column="0" colspan="2">
-        <widget class="QGroupBox" name="groupBox_2">
-         <property name="title">
-          <string/>
-         </property>
-         <property name="flat">
-          <bool>true</bool>
-         </property>
-         <layout class="QGridLayout" name="gridLayout_7">
-          <property name="margin">
-           <number>0</number>
-          </property>
-          <item row="0" column="0">
-           <widget class="QCheckBox" name="mgmt_ssh">
-            <property name="sizePolicy">
-             <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
-              <horstretch>0</horstretch>
-              <verstretch>0</verstretch>
-             </sizepolicy>
-            </property>
-            <property name="text">
-             <string>Always permit ssh access from
-the management workstation
-with this address:</string>
-            </property>
-           </widget>
-          </item>
-          <item row="0" column="1">
-           <widget class="QLineEdit" name="mgmt_addr">
-            <property name="sizePolicy">
-             <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
-              <horstretch>0</horstretch>
-              <verstretch>0</verstretch>
-             </sizepolicy>
-            </property>
-            <property name="maximumSize">
-             <size>
-              <width>32767</width>
-              <height>22</height>
-             </size>
-            </property>
-           </widget>
-          </item>
-         </layout>
-        </widget>
-       </item>
-       <item row="10" column="1">
-        <spacer name="verticalSpacer">
-         <property name="orientation">
-          <enum>Qt::Vertical</enum>
-         </property>
-         <property name="sizeHint" stdset="0">
-          <size>
-           <width>20</width>
-           <height>11</height>
-          </size>
-         </property>
-        </spacer>
-       </item>
-       <item row="1" column="1">
-        <widget class="QLineEdit" name="compilerArgs">
-         <property name="maximumSize">
-          <size>
-           <width>32767</width>
-           <height>22</height>
-          </size>
-         </property>
-        </widget>
-       </item>
-       <item row="1" column="0">
+       <item row="1" column="0" colspan="2">
         <widget class="QLabel" name="compilerArgsLabel">
          <property name="sizePolicy">
           <sizepolicy hsizetype="Expanding" vsizetype="Preferred">
@@ -366,8 +143,8 @@ with this address:</string>
          </property>
         </widget>
        </item>
-       <item row="2" column="1">
-        <widget class="QLineEdit" name="outputFileName">
+       <item row="1" column="2">
+        <widget class="QLineEdit" name="compilerArgs">
          <property name="maximumSize">
           <size>
            <width>32767</width>
@@ -376,35 +153,345 @@ with this address:</string>
          </property>
         </widget>
        </item>
-       <item row="3" column="0" colspan="2">
-        <widget class="QLabel" name="textLabel1_5">
-         <property name="sizePolicy">
-          <sizepolicy hsizetype="Expanding" vsizetype="Preferred">
-           <horstretch>0</horstretch>
-           <verstretch>0</verstretch>
-          </sizepolicy>
+       <item row="2" column="0" colspan="3">
+        <widget class="QGroupBox" name="groupBox_3">
+         <property name="title">
+          <string>System configuration and firewall initialization script format</string>
          </property>
-         <property name="text">
-          <string>(if left blank, the file name is constructed of the firewall object name and extension &quot;.fw&quot;)</string>
-         </property>
-         <property name="alignment">
-          <set>Qt::AlignVCenter</set>
-         </property>
-         <property name="wordWrap">
-          <bool>true</bool>
+         <property name="flat">
+          <bool>false</bool>
          </property>
+         <layout class="QGridLayout" name="gridLayout_8">
+          <item row="0" column="0">
+           <layout class="QHBoxLayout" name="horizontalLayout_6">
+            <item>
+             <widget class="QRadioButton" name="generateShellScript">
+              <property name="text">
+               <string>shell script with extension .fw</string>
+              </property>
+             </widget>
+            </item>
+            <item>
+             <widget class="QRadioButton" name="generateRcConfFile">
+              <property name="text">
+               <string>file in rc.conf format</string>
+              </property>
+             </widget>
+            </item>
+            <item>
+             <spacer name="horizontalSpacer_3">
+              <property name="orientation">
+               <enum>Qt::Horizontal</enum>
+              </property>
+              <property name="sizeHint" stdset="0">
+               <size>
+                <width>208</width>
+                <height>20</height>
+               </size>
+              </property>
+             </spacer>
+            </item>
+           </layout>
+          </item>
+         </layout>
         </widget>
        </item>
-       <item row="2" column="0">
-        <widget class="QLabel" name="label_6">
-         <property name="text">
-          <string>Output file name:</string>
-         </property>
-         <property name="alignment">
-          <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
+       <item row="3" column="0" colspan="3">
+        <widget class="QGroupBox" name="groupBox_4">
+         <property name="title">
+          <string>Names of generated files</string>
          </property>
+         <layout class="QGridLayout" name="gridLayout_7">
+          <item row="0" column="0">
+           <widget class="QLabel" name="label_6">
+            <property name="text">
+             <string>Initialization script name (can be full path):</string>
+            </property>
+            <property name="alignment">
+             <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
+            </property>
+           </widget>
+          </item>
+          <item row="0" column="1">
+           <widget class="QLineEdit" name="outputFileName">
+            <property name="maximumSize">
+             <size>
+              <width>32767</width>
+              <height>22</height>
+             </size>
+            </property>
+           </widget>
+          </item>
+          <item row="1" column="0">
+           <widget class="QLabel" name="label_7">
+            <property name="text">
+             <string>PF configuration file name (can be full path):</string>
+            </property>
+            <property name="alignment">
+             <set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
+            </property>
+           </widget>
+          </item>
+          <item row="1" column="1">
+           <widget class="QLineEdit" name="confFileName">
+            <property name="maximumSize">
+             <size>
+              <width>32767</width>
+              <height>22</height>
+             </size>
+            </property>
+           </widget>
+          </item>
+          <item row="2" column="0" colspan="2">
+           <widget class="QLabel" name="textLabel1_5">
+            <property name="sizePolicy">
+             <sizepolicy hsizetype="Expanding" vsizetype="Preferred">
+              <horstretch>0</horstretch>
+              <verstretch>0</verstretch>
+             </sizepolicy>
+            </property>
+            <property name="text">
+             <string>(if left blank, the file name is constructed of the firewall object name and extension &quot;.fw&quot; or &quot;.conf&quot; depending on the format)</string>
+            </property>
+            <property name="alignment">
+             <set>Qt::AlignVCenter</set>
+            </property>
+            <property name="wordWrap">
+             <bool>true</bool>
+            </property>
+           </widget>
+          </item>
+         </layout>
         </widget>
        </item>
+       <item row="4" column="0" colspan="3">
+        <widget class="QGroupBox" name="groupBox_2">
+         <property name="title">
+          <string>Names of the files on the firewall</string>
+         </property>
+         <property name="flat">
+          <bool>false</bool>
+         </property>
+         <layout class="QGridLayout" name="gridLayout">
+          <item row="0" column="0" colspan="2">
+           <widget class="QLabel" name="label_4">
+            <property name="text">
+             <string>Initialization script (.fw file) and PF configuration file can be copied to the firewall machine under different names. If these fields are left blank, the file name does not change.</string>
+            </property>
+            <property name="wordWrap">
+             <bool>true</bool>
+            </property>
+           </widget>
+          </item>
+          <item row="1" column="0">
+           <widget class="QLabel" name="label_2">
+            <property name="text">
+             <string>Initialization script name on the firewall</string>
+            </property>
+           </widget>
+          </item>
+          <item row="1" column="1">
+           <widget class="QLineEdit" name="fileNameOnFw">
+            <property name="maximumSize">
+             <size>
+              <width>32767</width>
+              <height>22</height>
+             </size>
+            </property>
+           </widget>
+          </item>
+          <item row="2" column="0">
+           <widget class="QLabel" name="label_3">
+            <property name="text">
+             <string>PF configuration file name on the firewall</string>
+            </property>
+           </widget>
+          </item>
+          <item row="2" column="1">
+           <widget class="QLineEdit" name="confFileNameOnFw">
+            <property name="maximumSize">
+             <size>
+              <width>32767</width>
+              <height>22</height>
+             </size>
+            </property>
+           </widget>
+          </item>
+         </layout>
+        </widget>
+       </item>
+       <item row="5" column="0" colspan="3">
+        <widget class="QGroupBox" name="groupBox">
+         <property name="title">
+          <string/>
+         </property>
+         <property name="flat">
+          <bool>false</bool>
+         </property>
+         <layout class="QGridLayout" name="gridLayout_6">
+          <property name="margin">
+           <number>9</number>
+          </property>
+          <item row="0" column="0" colspan="2">
+           <widget class="QCheckBox" name="pf_accept_new_tcp_with_no_syn">
+            <property name="text">
+             <string>Accept TCP sessions opened prior to firewall restart</string>
+            </property>
+           </widget>
+          </item>
+          <item row="1" column="0" colspan="2">
+           <widget class="QCheckBox" name="pf_modulate_state">
+            <property name="sizePolicy">
+             <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
+              <horstretch>0</horstretch>
+              <verstretch>0</verstretch>
+             </sizepolicy>
+            </property>
+            <property name="text">
+             <string>Modulate state for all stateful rules (applies only to TCP services)</string>
+            </property>
+           </widget>
+          </item>
+          <item row="0" column="2">
+           <widget class="QCheckBox" name="pf_check_shadowing">
+            <property name="sizePolicy">
+             <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
+              <horstretch>0</horstretch>
+              <verstretch>0</verstretch>
+             </sizepolicy>
+            </property>
+            <property name="toolTip">
+             <string>Shadowing happens because a rule is a superset of 
+a subsequent rule and any packets potentially matched 
+by the subsequent rule have already been matched by 
+the prior rule.</string>
+            </property>
+            <property name="text">
+             <string>Detect rule shadowing</string>
+            </property>
+           </widget>
+          </item>
+          <item row="1" column="2">
+           <widget class="QCheckBox" name="pf_ignore_empty_groups">
+            <property name="sizePolicy">
+             <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
+              <horstretch>0</horstretch>
+              <verstretch>0</verstretch>
+             </sizepolicy>
+            </property>
+            <property name="toolTip">
+             <string>If the option is deactivated, compiler treats empty groups as
+an error and aborts processing the policy. If this option is 
+activated, compiler removes all empty groups from all rule 
+elements. If rule element becomes 'any' after the last empty 
+group has been removed, the whole rule will be ignored. Use 
+this option only if you fully understand how it works!</string>
+            </property>
+            <property name="text">
+             <string>Ignore empty groups</string>
+            </property>
+           </widget>
+          </item>
+         </layout>
+        </widget>
+       </item>
+       <item row="6" column="0" colspan="3">
+        <layout class="QHBoxLayout" name="horizontalLayout_5">
+         <item>
+          <widget class="QLabel" name="textLabel3">
+           <property name="text">
+            <string>Optimization:</string>
+           </property>
+           <property name="alignment">
+            <set>Qt::AlignCenter</set>
+           </property>
+           <property name="wordWrap">
+            <bool>false</bool>
+           </property>
+          </widget>
+         </item>
+         <item>
+          <widget class="QComboBox" name="pf_optimization"/>
+         </item>
+         <item>
+          <widget class="QLabel" name="label_5">
+           <property name="text">
+            <string>State policy:</string>
+           </property>
+          </widget>
+         </item>
+         <item>
+          <widget class="QComboBox" name="pf_state_policy">
+           <property name="toolTip">
+            <string>States can be bound to interfaces or match packets 
+on any interface. The latter can be useful in case of 
+an assymmetric routing.</string>
+           </property>
+          </widget>
+         </item>
+         <item>
+          <spacer name="horizontalSpacer_2">
+           <property name="orientation">
+            <enum>Qt::Horizontal</enum>
+           </property>
+           <property name="sizeHint" stdset="0">
+            <size>
+             <width>40</width>
+             <height>20</height>
+            </size>
+           </property>
+          </spacer>
+         </item>
+        </layout>
+       </item>
+       <item row="7" column="0" colspan="3">
+        <layout class="QHBoxLayout" name="horizontalLayout_7">
+         <item>
+          <widget class="QCheckBox" name="mgmt_ssh">
+           <property name="sizePolicy">
+            <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
+             <horstretch>0</horstretch>
+             <verstretch>0</verstretch>
+            </sizepolicy>
+           </property>
+           <property name="text">
+            <string>Always permit ssh access from
+the management workstation
+with this address:</string>
+           </property>
+          </widget>
+         </item>
+         <item>
+          <widget class="QLineEdit" name="mgmt_addr">
+           <property name="sizePolicy">
+            <sizepolicy hsizetype="Expanding" vsizetype="Fixed">
+             <horstretch>0</horstretch>
+             <verstretch>0</verstretch>
+            </sizepolicy>
+           </property>
+           <property name="maximumSize">
+            <size>
+             <width>32767</width>
+             <height>22</height>
+            </size>
+           </property>
+          </widget>
+         </item>
+        </layout>
+       </item>
+       <item row="8" column="1">
+        <spacer name="verticalSpacer">
+         <property name="orientation">
+          <enum>Qt::Vertical</enum>
+         </property>
+         <property name="sizeHint" stdset="0">
+          <size>
+           <width>20</width>
+           <height>11</height>
+          </size>
+         </property>
+        </spacer>
+       </item>
       </layout>
      </widget>
      <widget class="QWidget" name="tab2">
@@ -583,7 +670,7 @@ with this address:</string>
          </property>
          <layout class="QGridLayout" name="gridLayout_5">
           <property name="verticalSpacing">
-           <number>-1</number>
+           <number>6</number>
           </property>
           <item row="0" column="0">
            <widget class="QRadioButton" name="pf_scrub_reassemble">
@@ -2380,29 +2467,24 @@ with this address:</string>
  </widget>
  <layoutdefault spacing="6" margin="11"/>
  <tabstops>
+  <tabstop>pf_do_scrub</tabstop>
   <tabstop>tabWidget</tabstop>
   <tabstop>compiler</tabstop>
   <tabstop>compilerArgs</tabstop>
+  <tabstop>generateShellScript</tabstop>
+  <tabstop>generateRcConfFile</tabstop>
+  <tabstop>outputFileName</tabstop>
+  <tabstop>confFileName</tabstop>
   <tabstop>fileNameOnFw</tabstop>
   <tabstop>confFileNameOnFw</tabstop>
   <tabstop>pf_accept_new_tcp_with_no_syn</tabstop>
   <tabstop>pf_modulate_state</tabstop>
+  <tabstop>pf_check_shadowing</tabstop>
+  <tabstop>pf_ignore_empty_groups</tabstop>
   <tabstop>pf_optimization</tabstop>
+  <tabstop>pf_state_policy</tabstop>
   <tabstop>mgmt_ssh</tabstop>
   <tabstop>mgmt_addr</tabstop>
-  <tabstop>pf_scrub_no_df</tabstop>
-  <tabstop>pf_scrub_random_id</tabstop>
-  <tabstop>pf_scrub_use_minttl</tabstop>
-  <tabstop>pf_scrub_minttl</tabstop>
-  <tabstop>pf_scrub_use_maxmss</tabstop>
-  <tabstop>pf_scrub_maxmss</tabstop>
-  <tabstop>pf_do_scrub</tabstop>
-  <tabstop>pf_scrub_reassemble</tabstop>
-  <tabstop>pf_scrub_fragm_crop</tabstop>
-  <tabstop>pf_scrub_fragm_drop_ovl</tabstop>
-  <tabstop>pf_do_limit_frags</tabstop>
-  <tabstop>pf_limit_frags</tabstop>
-  <tabstop>pf_do_limit_states</tabstop>
   <tabstop>pf_limit_states</tabstop>
   <tabstop>pf_do_limit_src_nodes</tabstop>
   <tabstop>pf_limit_src_nodes</tabstop>
@@ -2471,6 +2553,19 @@ with this address:</string>
   <tabstop>buttonOk</tabstop>
   <tabstop>buttonCancel</tabstop>
   <tabstop>buttonHelp</tabstop>
+  <tabstop>pf_scrub_fragm_drop_ovl</tabstop>
+  <tabstop>pf_do_limit_frags</tabstop>
+  <tabstop>pf_scrub_reassemble</tabstop>
+  <tabstop>pf_scrub_fragm_crop</tabstop>
+  <tabstop>pf_limit_frags</tabstop>
+  <tabstop>pf_do_limit_states</tabstop>
+  <tabstop>pf_scrub_reassemble_tcp</tabstop>
+  <tabstop>pf_scrub_use_maxmss</tabstop>
+  <tabstop>pf_scrub_minttl</tabstop>
+  <tabstop>pf_scrub_maxmss</tabstop>
+  <tabstop>pf_scrub_no_df</tabstop>
+  <tabstop>pf_scrub_random_id</tabstop>
+  <tabstop>pf_scrub_use_minttl</tabstop>
  </tabstops>
  <resources/>
  <connections>

src/pflib/CompilerDriver_pf.cpp

@@ -68,60 +68,59 @@ CompilerDriver* CompilerDriver_pf::clone()
     return new_cd;
 }
 
-string CompilerDriver_pf::getConfFileName(const string &ruleset_name,
-                                          const string &fwobjectname,
-                                          const string &fw_file_name)
+QString CompilerDriver_pf::getConfFileName(const QString &ruleset_name,
+                                           const QString &fwobjectname,
+                                           const QString &conf_file_name)
 {
-    QString conf_file_name;
-    string suffix = string("-") + ruleset_name;
+    QString suffix = QString("-") + ruleset_name;
     if (ruleset_name == "__main__") suffix = "";
 
-    if (fw_file_name.empty())
+    if (conf_file_name.isEmpty())
     {
         return fwobjectname + suffix + ".conf";
     }
 
     QString new_name;
-    QFileInfo fi(fw_file_name.c_str());
+    QFileInfo fi(conf_file_name);
     if (fi.isRelative())
     {
-        new_name = QString(fi.completeBaseName() + suffix.c_str() + ".conf");
+        new_name = QString(fi.completeBaseName() + suffix + ".conf");
     } else
     {
-        new_name = QString(fi.path() + "/" + fi.completeBaseName() + suffix.c_str() + ".conf");
+        new_name = QString(fi.path() + "/" + fi.completeBaseName() + suffix + ".conf");
     }
 
-    return new_name.toUtf8().constData();
+    return new_name;
 }
 
-string CompilerDriver_pf::getRemoteConfFileName(const string &ruleset_name,
-                                                const string &local_conf_name,
-                                                const string &remote_fw_name,
-                                                const string &remote_conf_name)
+QString CompilerDriver_pf::getRemoteConfFileName(const QString &ruleset_name,
+                                                 const QString &local_conf_name,
+                                                 const QString &remote_fw_name,
+                                                 const QString &remote_conf_name)
 {
     QString conf_file_name;
-    string suffix = string("-") + ruleset_name;
+    QString suffix = QString("-") + ruleset_name;
     if (ruleset_name == "__main__") suffix = "";
 
-    if (remote_conf_name.empty() && remote_fw_name.empty())
+    if (remote_conf_name.isEmpty() && remote_fw_name.isEmpty())
     {
         // local_conf_name may be a relative or absolute path. Return
         // just the file name
-        QFileInfo fi(local_conf_name.c_str());
-        return fi.fileName().toStdString();
+        QFileInfo fi(local_conf_name);
+        return fi.fileName();
     }
 
     QFileInfo fi;
 
-    if (!remote_conf_name.empty()) fi = QFileInfo(remote_conf_name.c_str());
+    if (!remote_conf_name.isEmpty()) fi = QFileInfo(remote_conf_name);
     else
-        if (!remote_fw_name.empty()) fi = QFileInfo(remote_fw_name.c_str());
+        if (!remote_fw_name.isEmpty()) fi = QFileInfo(remote_fw_name);
 
-    string new_name = fi.completeBaseName().toStdString() + suffix + ".conf";
+    QString new_name = fi.completeBaseName() + suffix + ".conf";
     QString path = fi.path();
 
     if (path == ".") return new_name;
-    else return path.toStdString() + "/" + new_name;
+    else return path + "/" + new_name;
 }
 
 string CompilerDriver_pf::printTimeout(FWOptions* options,

src/pflib/CompilerDriver_pf.h

@@ -50,14 +50,16 @@ namespace libfwbuilder {
 };
 
 
-class MapOstringStream : public std::map<std::string, std::ostringstream*> {
+class MapOstringStream : public std::map<QString, std::ostringstream*>
+{
   public:
     MapOstringStream() {}
     ~MapOstringStream();
     void clear();
 };
 
-class MapTableFactory : public std::map<std::string, fwcompiler::TableFactory*> {
+class MapTableFactory : public std::map<QString, fwcompiler::TableFactory*>
+{
   public:
     MapTableFactory() {}
     ~MapTableFactory();
@@ -71,14 +73,16 @@ namespace fwcompiler {
     class CompilerDriver_pf : public CompilerDriver
     {
 
+        QString conf_file_name;
+
 // Note that in the following maps ruleset name will be 
 // "__main__" for both main Policy and NAT rulesets.
 
 // map ruleset_name -> conf file name
-        std::map<std::string, std::string> conf_files;
+        std::map<QString, QString> conf_files;
 
 // map ruleset_name -> remote conf file name
-        std::map<std::string, std::string> remote_conf_files;
+        std::map<QString, QString> remote_conf_files;
 
 // map ruleset_name -> generated script
 //    std::map<std::string, std::ostringstream*> generated_scripts;
@@ -104,13 +108,15 @@ protected:
 
         std::string routing_script;
         
-        std::string getConfFileName(const std::string &ruleset_name,
-                                    const std::string &fwobjectname,
-                                    const std::string &fw_file_name);
-        std::string getRemoteConfFileName(const std::string &ruleset_name,
-                                          const std::string &local_file_name,
-                                          const std::string &remote_fw_file_name,
-                                          const std::string &remote_conf_file_name);
+        QString getConfFileName(const QString &ruleset_name,
+                                const QString &fwobjectname,
+                                const QString &conf_file_name);
+        
+        QString getRemoteConfFileName(const QString &ruleset_name,
+                                      const QString &local_file_name,
+                                      const QString &remote_fw_file_name,
+                                      const QString &remote_conf_file_name);
+        
         std::string printTimeout(libfwbuilder::FWOptions* options,
                                  const std::string &OnOffOption,
                                  const std::string &ValOption,

src/pflib/CompilerDriver_pf_run.cpp

@@ -114,8 +114,8 @@ QString CompilerDriver_pf::printActivationCommands(Firewall *fw)
     string pfctl_dbg = (debug)?"-v ":"";
 
     QStringList activation_commands;
-    QString remote_file = remote_conf_files["__main__"].c_str();
-    if (remote_file.isEmpty()) remote_file = conf_files["__main__"].c_str();
+    QString remote_file = remote_conf_files["__main__"];
+    if (remote_file.isEmpty()) remote_file = conf_files["__main__"];
     if (remote_file[0] != '/') remote_file = "${FWDIR}/" + remote_file;
     remote_file = this->escapeFileName(remote_file);
 
@@ -123,18 +123,19 @@ QString CompilerDriver_pf::printActivationCommands(Firewall *fw)
         composeActivationCommand(
             fw, pfctl_dbg, "", fw->getStr("version"), remote_file.toStdString()));
 
-    for (map<string,string>::iterator i=conf_files.begin();
+    for (map<QString,QString>::iterator i=conf_files.begin();
          i!=conf_files.end(); ++i)
     {
-        QString remote_file = remote_conf_files[i->first].c_str();
-        if (remote_file.isEmpty()) remote_file = i->second.c_str();
+        QString remote_file = remote_conf_files[i->first];
+        if (remote_file.isEmpty()) remote_file = i->second;
         if (remote_file[0] != '/') remote_file = "${FWDIR}/" + remote_file;
         remote_file = this->escapeFileName(remote_file);
 
         if (i->first != "__main__")
             activation_commands.push_back(
                 composeActivationCommand(
-                    fw, pfctl_dbg, i->first, fw->getStr("version"), remote_file.toStdString()));
+                    fw, pfctl_dbg, i->first.toStdString(),
+                    fw->getStr("version"), remote_file.toStdString()));
     }
 
     return activation_commands.join("\n");
@@ -148,15 +149,16 @@ QString CompilerDriver_pf::assembleManifest(Cluster*, Firewall* fw, bool )
 
     script << MANIFEST_MARKER << "* " << this->escapeFileName(fw_file_info.fileName());
     string remote_name = fw->getOptionsObject()->getStr("script_name_on_firewall");
-    if (!remote_name.empty()) script << " " << this->escapeFileName(remote_name.c_str());
+    if (!remote_name.empty())
+        script << " " << this->escapeFileName(remote_name.c_str());
     script << "\n";
 
-    for (map<string,string>::iterator i=conf_files.begin();
+    for (map<QString,QString>::iterator i=conf_files.begin();
          i!=conf_files.end(); ++i)
     {
-        string ruleset_name = i->first;
-        QString file_name = QFileInfo(i->second.c_str()).fileName();
-        QString remote_file_name = remote_conf_files[ruleset_name].c_str();
+        QString ruleset_name = i->first;
+        QString file_name = QFileInfo(i->second).fileName();
+        QString remote_file_name = remote_conf_files[ruleset_name];
         script << MANIFEST_MARKER << "  " << this->escapeFileName(file_name);
         if (!remote_file_name.isEmpty() && remote_file_name != file_name)
             script << " " << this->escapeFileName(remote_file_name);
@@ -223,9 +225,25 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
 
         // Note that fwobjectname may be different from the name of the
         // firewall fw This happens when we compile a member of a cluster
-        current_firewall_name = fw->getName().c_str();
+        current_firewall_name = QString::fromUtf8(fw->getName().c_str());
 
-        fw_file_name = determineOutputFileName(cluster, fw, !cluster_id.empty(), ".fw");
+        fw_file_name = determineOutputFileName(
+            cluster, fw, !cluster_id.empty(), ".fw");
+
+        conf_file_name = QString::fromUtf8(options->getStr("conf_file").c_str());
+
+        if (!fw_file_name.isEmpty() && conf_file_name.isEmpty())
+        {
+            QFileInfo fi(fw_file_name);
+            if (fi.isRelative())
+            {
+                conf_file_name = QString(fi.completeBaseName() + ".conf");
+            } else
+            {
+                conf_file_name = QString(fi.path() + "/" +
+                                         fi.completeBaseName() + ".conf");
+            }
+        }
 
         string firewall_dir = options->getStr("firewall_dir");
         if (firewall_dir=="") firewall_dir="/etc/fw";
@@ -269,8 +287,10 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
 
         oscnf->prolog();
 
-        string remote_fw_name = options->getStr("script_name_on_firewall");
-        string remote_conf_name = options->getStr("conf_file_name_on_firewall");
+        QString remote_fw_name = QString::fromUtf8(
+            options->getStr("script_name_on_firewall").c_str());
+        QString remote_conf_name = QString::fromUtf8(
+            options->getStr("conf_file_name_on_firewall").c_str());
 
         list<FWObject*> all_policies = fw->getByType(Policy::TYPENAME);
         list<FWObject*> all_nat = fw->getByType(NAT::TYPENAME);
@@ -345,15 +365,15 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
 
                 if (!nat->matchingAddressFamily(policy_af)) continue;
 
-                string ruleset_name = nat->getName();
+                QString ruleset_name = QString::fromUtf8(nat->getName().c_str());
 
-                if (ruleset_name.find("/*")!=string::npos)
+                if (ruleset_name.endsWith("/*"))
                 {
                     QString err("The name of the policy ruleset %1"
                                 " ends with '/*', assuming it is externally"
                                 " controlled and skipping it.");
                     warning(fw, nat, NULL,
-                            err.arg(ruleset_name.c_str()).toStdString());
+                            err.arg(ruleset_name).toStdString());
                     continue;
                 }
 
@@ -415,9 +435,7 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
                 all_errors.push_back(n.getErrors("").c_str());
 
                 conf_files[ruleset_name] = getConfFileName(
-                    ruleset_name,
-                    current_firewall_name.toUtf8().constData(),
-                    fw_file_name.toUtf8().constData());
+                    ruleset_name, current_firewall_name, conf_file_name);
 
 
                 remote_conf_files[ruleset_name] = getRemoteConfFileName(
@@ -436,15 +454,15 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
                  p!=all_policies.end(); ++p )
             {
                 Policy *policy = Policy::cast(*p);
-                string ruleset_name = policy->getName();
+                QString ruleset_name = QString::fromUtf8(policy->getName().c_str());
 
-                if (ruleset_name.find("/*")!=string::npos)
+                if (ruleset_name.endsWith("/*"))
                 {
                     QString err("The name of the policy ruleset %1"
                                 " ends with '/*', assuming it is externally"
                                 " controlled and skipping it.");
                     warning(fw, policy, NULL,
-                            err.arg(ruleset_name.c_str()).toStdString());
+                            err.arg(ruleset_name).toStdString());
                     continue;
                 }
 
@@ -507,9 +525,7 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
                 all_errors.push_back(c.getErrors("").c_str());
 
                 conf_files[ruleset_name] = getConfFileName(
-                    ruleset_name,
-                    current_firewall_name.toUtf8().constData(),
-                    fw_file_name.toUtf8().constData());
+                    ruleset_name, current_firewall_name, conf_file_name);
 
                 remote_conf_files[ruleset_name] = getRemoteConfFileName(
                     ruleset_name,
@@ -560,10 +576,10 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
             QString buffer;
             QTextStream pf_str(&buffer);
 
-            for (map<string, ostringstream*>::iterator fi=generated_scripts.begin();
+            for (map<QString, ostringstream*>::iterator fi=generated_scripts.begin();
                  fi!=generated_scripts.end(); fi++)
             {
-                string ruleset_name = fi->first;
+                QString ruleset_name = fi->first;
                 ostringstream *strm = fi->second;
                 pf_str << table_factories[ruleset_name]->PrintTables();
                 pf_str << QString::fromUtf8(strm->str().c_str());
@@ -580,14 +596,14 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
 /*
  * now write generated scripts to files
  */
-        for (map<string, ostringstream*>::iterator fi=generated_scripts.begin();
+        for (map<QString, ostringstream*>::iterator fi=generated_scripts.begin();
              fi!=generated_scripts.end(); fi++)
         {
-            string ruleset_name = fi->first;
-            QString file_name = conf_files[ruleset_name].c_str();
+            QString ruleset_name = fi->first;
+            QString file_name = conf_files[ruleset_name];
             ostringstream *strm = fi->second;
 
-            if (ruleset_name.find("/*")!=string::npos) continue;
+            if (ruleset_name.contains("/*")) continue;
 
             file_name = getAbsOutputFileName(file_name);
 
@@ -669,10 +685,10 @@ MapOstringStream::~MapOstringStream()
 
 void MapOstringStream::clear()
 {
-    std::map<std::string, std::ostringstream*>::iterator it;
+    std::map<QString, std::ostringstream*>::iterator it;
     for (it=begin(); it!=end(); ++it)
         delete it->second;
-    std::map<std::string, std::ostringstream*>::clear();
+    std::map<QString, std::ostringstream*>::clear();
 }
 
 MapTableFactory::~MapTableFactory()
@@ -682,9 +698,9 @@ MapTableFactory::~MapTableFactory()
 
 void MapTableFactory::clear()
 {
-    std::map<std::string, fwcompiler::TableFactory*>::iterator it;
+    std::map<QString, fwcompiler::TableFactory*>::iterator it;
     for (it=begin(); it!=end(); ++it)
         delete it->second;
-    std::map<std::string, fwcompiler::TableFactory*>::clear();
+    std::map<QString, fwcompiler::TableFactory*>::clear();
 }
 

src/unit_tests/generatedScriptTestsPF/generatedScriptTestsPF.cpp

@@ -134,7 +134,7 @@ void GeneratedScriptTest::ManifestTest_2()
     QString res = Configlet::findConfigletInFile("top_comment", "pf2.fw");
     // find manifest and compare
     CPPUNIT_ASSERT(res.indexOf("# files: * pf2.fw") != -1);
-    CPPUNIT_ASSERT(res.indexOf("# files:   pf2.conf") != -1);
+    CPPUNIT_ASSERT(res.indexOf("# files:   ipf2-1.conf") != -1);
     delete objdb;
 }
 
@@ -210,6 +210,34 @@ void GeneratedScriptTest::ManifestTest_7()
     delete objdb;
 }
 
+void GeneratedScriptTest::ManifestTest_8()
+{
+    /*
+     * generated .fw and .conf files have different base names
+     */
+    objdb = new FWObjectDatabase();
+    runCompiler("test1.fwb", "pf5", "pf5.fw");
+    QString res = Configlet::findConfigletInFile("top_comment", "pf5.fw");
+    // find manifest and compare
+    CPPUNIT_ASSERT(res.indexOf("# files: * pf5.fw") != -1);
+    CPPUNIT_ASSERT(res.indexOf("# files:   pf.conf") != -1);
+    delete objdb;
+}
+
+void GeneratedScriptTest::ManifestTest_9()
+{
+    /*
+     * generated .fw and .conf files have different base names
+     */
+    objdb = new FWObjectDatabase();
+    runCompiler("test1.fwb", "pf6", "/tmp/pf6.fw");
+    QString res = Configlet::findConfigletInFile("top_comment", "/tmp/pf6.fw");
+    // find manifest and compare
+    CPPUNIT_ASSERT(res.indexOf("# files: * /tmp/pf6.fw /etc/fw/pf6.fw") != -1);
+    CPPUNIT_ASSERT(res.indexOf("# files:   /tmp/pf.conf /etc/pf.conf") != -1);
+    delete objdb;
+}
+
 // ************************************************************************
 
 void GeneratedScriptTest::FwCommentTest()
@@ -242,7 +270,7 @@ void GeneratedScriptTest::ActivationCommandsTest_2()
     objdb = new FWObjectDatabase();
     QString res = Configlet::findConfigletInFile("activation", "pf2.fw")
         .split(QRegExp("\\s+")).join(" ");
-    CPPUNIT_ASSERT(res.indexOf("$PFCTL \\ -f \\ ${FWDIR}/pf2.conf") != -1);
+    CPPUNIT_ASSERT(res.indexOf("$PFCTL \\ -f \\ ${FWDIR}/ipf2-1.conf") != -1);
     delete objdb;
 }
 
@@ -283,4 +311,22 @@ void GeneratedScriptTest::ActivationCommandsTest_7()
     delete objdb;
 }
 
+void GeneratedScriptTest::ActivationCommandsTest_8()
+{
+    objdb = new FWObjectDatabase();
+    QString res = Configlet::findConfigletInFile("activation", "pf5.fw")
+        .split(QRegExp("\\s+")).join(" ");
+    CPPUNIT_ASSERT(res.indexOf("$PFCTL \\ -f \\ /etc/fw/pf5.conf") != -1);
+    delete objdb;
+}
+
+void GeneratedScriptTest::ActivationCommandsTest_9()
+{
+    objdb = new FWObjectDatabase();
+    QString res = Configlet::findConfigletInFile("activation", "/tmp/pf6.fw")
+        .split(QRegExp("\\s+")).join(" ");
+    CPPUNIT_ASSERT(res.indexOf("$PFCTL \\ -f \\ /etc/fw/pf6.conf") != -1);
+    delete objdb;
+}
+
 

src/unit_tests/generatedScriptTestsPF/generatedScriptTestsPF.h

@@ -57,6 +57,8 @@ public:
     void ManifestTest_5();
     void ManifestTest_6();
     void ManifestTest_7();
+    void ManifestTest_8();
+    void ManifestTest_9();
     void FwCommentTest();
     void ActivationCommandsTest_1();
     void ActivationCommandsTest_2();
@@ -65,6 +67,8 @@ public:
 //    void ActivationCommandsTest_5();
     void ActivationCommandsTest_6();
     void ActivationCommandsTest_7();
+    void ActivationCommandsTest_8();
+    void ActivationCommandsTest_9();
     
     CPPUNIT_TEST_SUITE(GeneratedScriptTest);
 
@@ -91,6 +95,12 @@ public:
     CPPUNIT_TEST(ManifestTest_7);
     CPPUNIT_TEST(ActivationCommandsTest_7);
 
+    CPPUNIT_TEST(ManifestTest_8);
+    CPPUNIT_TEST(ActivationCommandsTest_8);
+
+    CPPUNIT_TEST(ManifestTest_9);
+    CPPUNIT_TEST(ActivationCommandsTest_9);
+
     CPPUNIT_TEST(FwCommentTest);
 
     CPPUNIT_TEST_SUITE_END();

src/unit_tests/generatedScriptTestsPF/test1.fwb

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1284658651" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1296596678" id="root">
   <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
     <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@@ -143,6 +143,12 @@
           <ServiceRef ref="icmp-ping_reply"/>
           <ServiceRef ref="icmp-Unreachables"/>
         </ServiceGroup>
+        <ServiceGroup id="id1569X4889" name="Ipv6 unreachable messages" comment="" ro="False">
+          <ServiceRef ref="idE0D27650"/>
+          <ServiceRef ref="idCFE27650"/>
+          <ServiceRef ref="idE0B27650"/>
+          <ServiceRef ref="id1519Z388"/>
+        </ServiceGroup>
         <ServiceGroup id="id3B4FEDD9" name="kerberos" comment="" ro="False">
           <ServiceRef ref="id3B4FEDA5"/>
           <ServiceRef ref="id3B4FEDA9"/>
@@ -205,6 +211,7 @@
         <ICMP6Service id="ipv6-icmp-neighbrsol" code="0" type="135" name="ipv6 neighbrsol" comment="IPv6 neighbor solicitation" ro="False"/>
         <ICMP6Service id="ipv6-icmp-neighbradv" code="0" type="136" name="ipv6 neighbradv" comment="IPv6 neighbor advertisement" ro="False"/>
         <ICMP6Service id="ipv6-icmp-redir" code="0" type="137" name="ipv6 redir" comment="IPv6 redirect: shorter route exists" ro="False"/>
+        <ICMP6Service id="id1519Z388" code="-1" type="4" name="ipv6 parameter problem" comment="IPv6 Parameter Problem: RFC4443" ro="False"/>
         <ICMP6Service id="idCFE27650" code="0" type="3" name="ipv6 time exceeded" comment="Time exceeded in transit" ro="False"/>
         <ICMP6Service id="idCFF27650" code="1" type="3" name="ipv6 time exceeded in reassembly" comment="Time exceeded in reassembly" ro="False"/>
         <ICMP6Service id="idE0B27650" code="-1" type="2" name="ipv6 packet too big" comment="" ro="False"/>
@@ -442,7 +449,7 @@
     <ObjectGroup id="id1809X5592" name="Firewalls" comment="" ro="False">
       <Firewall id="id2393X25033" host_OS="openbsd" inactive="False" lastCompiled="1286410737" lastInstalled="0" lastModified="1286406062" platform="pf" version="" name="pf1" comment="# Firewall object test1 comment&#10;" ro="False">
         <NAT id="id2397X25033" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <NATRule id="id2503X28067" disabled="False" position="0" action="Translate" comment="">
+          <NATRule id="id2503X28067" disabled="False" group="" position="0" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -466,7 +473,7 @@
           <RuleSetOptions/>
         </NAT>
         <Policy id="id2395X25033" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <PolicyRule id="id2410X25033" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
+          <PolicyRule id="id2410X25033" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>
@@ -507,6 +514,7 @@
           <Option name="configure_interfaces">true</Option>
           <Option name="eliminate_duplicates">true</Option>
           <Option name="firewall_dir">/etc</Option>
+          <Option name="generate_shell_script">True</Option>
           <Option name="in_out_code">true</Option>
           <Option name="log_prefix">RULE %N -- %A </Option>
           <Option name="loopback_interface">lo0</Option>
@@ -523,7 +531,7 @@
       </Firewall>
       <Firewall id="id2422X25033" host_OS="openbsd" inactive="False" lastCompiled="1284669164" lastInstalled="0" lastModified="1286406067" platform="pf" version="" name="pf2" comment="output file name is set to ipf2-1.fw" ro="False">
         <NAT id="id2449X25033" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <NATRule id="id2754X28067" disabled="False" position="0" action="Translate" comment="">
+          <NATRule id="id2754X28067" disabled="False" group="" position="0" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -547,7 +555,7 @@
           <RuleSetOptions/>
         </NAT>
         <Policy id="id2435X25033" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <PolicyRule id="id2436X25033" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
+          <PolicyRule id="id2436X25033" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>
@@ -590,12 +598,14 @@
           <Option name="check_shading">true</Option>
           <Option name="cmdline"></Option>
           <Option name="compiler"></Option>
+          <Option name="conf_file">ipf2-1.conf</Option>
           <Option name="configure_interfaces">true</Option>
           <Option name="debug">False</Option>
           <Option name="dynAddr">False</Option>
           <Option name="eliminate_duplicates">True</Option>
           <Option name="epilog_script"></Option>
           <Option name="firewall_dir">/etc</Option>
+          <Option name="generate_shell_script">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">true</Option>
           <Option name="ipf_conf_file_name_on_firewall"></Option>
@@ -638,7 +648,7 @@
       </Firewall>
       <Firewall id="id2540X25033" host_OS="openbsd" inactive="False" lastCompiled="1284659421" lastInstalled="0" lastModified="1286412811" platform="pf" version="" name="pf3" comment="" ro="False">
         <NAT id="id2567X25033" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <NATRule id="id2768X28067" disabled="False" position="0" action="Translate" comment="">
+          <NATRule id="id2768X28067" disabled="False" group="" position="0" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -662,7 +672,7 @@
           <RuleSetOptions/>
         </NAT>
         <Policy id="id2553X25033" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <PolicyRule id="id2554X25033" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
+          <PolicyRule id="id2554X25033" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>
@@ -716,6 +726,7 @@
           <Option name="epilog_script"></Option>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc</Option>
+          <Option name="generate_shell_script">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">true</Option>
           <Option name="ipf_conf_file_name_on_firewall">/etc/fw/ipf3-ipf.conf</Option>
@@ -814,7 +825,7 @@
       </Firewall>
       <Firewall id="id2685X25033" host_OS="openbsd" inactive="False" lastCompiled="1284659501" lastInstalled="0" lastModified="1286412025" platform="pf" version="" name="pf4" comment="" ro="False">
         <NAT id="id2712X25033" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <NATRule id="id2782X28067" disabled="False" position="0" action="Translate" comment="">
+          <NATRule id="id2782X28067" disabled="False" group="" position="0" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -838,7 +849,7 @@
           <RuleSetOptions/>
         </NAT>
         <Policy id="id2698X25033" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <PolicyRule id="id2699X25033" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
+          <PolicyRule id="id2699X25033" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>
@@ -892,6 +903,7 @@
           <Option name="epilog_script"></Option>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc</Option>
+          <Option name="generate_shell_script">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">true</Option>
           <Option name="ipf_conf_file_name_on_firewall">/etc/path with space/ipf4-ipf.conf</Option>
@@ -990,7 +1002,7 @@
       </Firewall>
       <Firewall id="id2541X28067" host_OS="openbsd" inactive="False" lastCompiled="1284659208" lastInstalled="0" lastModified="1286406071" platform="pf" version="" name="pf2a" comment="output file name is set to ipf2a-1" ro="False">
         <NAT id="id2568X28067" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <NATRule id="id2740X28067" disabled="False" position="0" action="Translate" comment="">
+          <NATRule id="id2740X28067" disabled="False" group="" position="0" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -1014,7 +1026,7 @@
           <RuleSetOptions/>
         </NAT>
         <Policy id="id2554X28067" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
-          <PolicyRule id="id2555X28067" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="">
+          <PolicyRule id="id2555X28067" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>
@@ -1057,12 +1069,14 @@
           <Option name="check_shading">true</Option>
           <Option name="cmdline"></Option>
           <Option name="compiler"></Option>
+          <Option name="conf_file">ipf2-1.conf</Option>
           <Option name="configure_interfaces">true</Option>
           <Option name="debug">False</Option>
           <Option name="dynAddr">False</Option>
           <Option name="eliminate_duplicates">True</Option>
           <Option name="epilog_script"></Option>
           <Option name="firewall_dir">/etc</Option>
+          <Option name="generate_shell_script">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">true</Option>
           <Option name="ipf_conf_file_name_on_firewall"></Option>
@@ -1103,6 +1117,364 @@
           <Option name="sshArgs"></Option>
         </FirewallOptions>
       </Firewall>
+      <Firewall id="id2950X3156" host_OS="openbsd" inactive="False" lastCompiled="1284659501" lastInstalled="0" lastModified="1296596675" platform="pf" version="" name="pf5" comment="" ro="False">
+        <NAT id="id2994X3156" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <NATRule id="id2996X3156" disabled="False" group="" position="0" action="Translate" comment="">
+            <OSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions/>
+          </NATRule>
+          <RuleSetOptions/>
+        </NAT>
+        <Policy id="id2963X3156" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <PolicyRule id="id2965X3156" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">True</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <RuleSetOptions/>
+        </Policy>
+        <Routing id="id3030X3156" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <RuleSetOptions/>
+        </Routing>
+        <Interface id="id2958X3156" dedicated_failover="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="le0" comment="" ro="False">
+          <IPv4 id="id2961X3156" name="pf5:le0:ip" comment="" ro="False" address="10.1.1.1" netmask="255.255.255.0"/>
+          <InterfaceOptions/>
+        </Interface>
+        <Management address="0.0.0.0">
+          <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
+          <FWBDManagement enabled="False" identity="" port="-1"/>
+          <PolicyInstallScript arguments="" command="" enabled="False"/>
+        </Management>
+        <FirewallOptions>
+          <Option name="accept_new_tcp_with_no_syn">True</Option>
+          <Option name="action_on_reject"></Option>
+          <Option name="activationCmd"></Option>
+          <Option name="admUser"></Option>
+          <Option name="altAddress"></Option>
+          <Option name="check_shading">True</Option>
+          <Option name="cmdline"></Option>
+          <Option name="compiler"></Option>
+          <Option name="conf_file">pf.conf</Option>
+          <Option name="conf_file_name_on_firewall"></Option>
+          <Option name="configure_carp_interfaces">False</Option>
+          <Option name="configure_interfaces">True</Option>
+          <Option name="configure_pfsync_interfaces">False</Option>
+          <Option name="configure_vlan_interfaces">False</Option>
+          <Option name="debug">False</Option>
+          <Option name="dynAddr">False</Option>
+          <Option name="eliminate_duplicates">True</Option>
+          <Option name="epilog_script"></Option>
+          <Option name="fallback_log">False</Option>
+          <Option name="firewall_dir">/etc</Option>
+          <Option name="generate_rc_conf_file">False</Option>
+          <Option name="generate_shell_script">True</Option>
+          <Option name="ignore_empty_groups">False</Option>
+          <Option name="in_out_code">true</Option>
+          <Option name="ipf_conf_file_name_on_firewall">/etc/path with space/ipf4-ipf.conf</Option>
+          <Option name="ipf_log_body">False</Option>
+          <Option name="ipf_log_facility"></Option>
+          <Option name="ipf_log_level"></Option>
+          <Option name="ipf_log_or_block">False</Option>
+          <Option name="ipf_nat_ekshell_proxy">False</Option>
+          <Option name="ipf_nat_ftp_proxy">False</Option>
+          <Option name="ipf_nat_h323_proxy">False</Option>
+          <Option name="ipf_nat_ipsec_proxy">False</Option>
+          <Option name="ipf_nat_irc_proxy">False</Option>
+          <Option name="ipf_nat_krcmd_proxy">False</Option>
+          <Option name="ipf_nat_pptp_proxy">False</Option>
+          <Option name="ipf_nat_raudio_proxy">False</Option>
+          <Option name="ipf_nat_rcmd_proxy">False</Option>
+          <Option name="ipf_return_icmp_as_dest">False</Option>
+          <Option name="ipv4_6_order">ipv4_first</Option>
+          <Option name="log_prefix">RULE %N -- %A </Option>
+          <Option name="loopback_interface">lo0</Option>
+          <Option name="manage_virtual_addr">True</Option>
+          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_ssh">False</Option>
+          <Option name="nat_conf_file_name_on_firewall">/etc/path with space/ipf4-nat.conf</Option>
+          <Option name="openbsd_ip_forward">1</Option>
+          <Option name="optimize">False</Option>
+          <Option name="output_file">pf5.fw</Option>
+          <Option name="pass_all_out">false</Option>
+          <Option name="pf_adaptive_end">0</Option>
+          <Option name="pf_adaptive_start">0</Option>
+          <Option name="pf_do_limit_frags">False</Option>
+          <Option name="pf_do_limit_src_nodes">False</Option>
+          <Option name="pf_do_limit_states">False</Option>
+          <Option name="pf_do_limit_table_entries">False</Option>
+          <Option name="pf_do_limit_tables">False</Option>
+          <Option name="pf_do_scrub">False</Option>
+          <Option name="pf_do_timeout_frag">False</Option>
+          <Option name="pf_do_timeout_interval">False</Option>
+          <Option name="pf_flush_states">False</Option>
+          <Option name="pf_icmp_error">0</Option>
+          <Option name="pf_icmp_first">0</Option>
+          <Option name="pf_limit_frags">5000</Option>
+          <Option name="pf_limit_src_nodes">0</Option>
+          <Option name="pf_limit_states">10000</Option>
+          <Option name="pf_limit_table_entries">0</Option>
+          <Option name="pf_limit_tables">0</Option>
+          <Option name="pf_modulate_state">False</Option>
+          <Option name="pf_optimization"></Option>
+          <Option name="pf_other_first">0</Option>
+          <Option name="pf_other_multiple">0</Option>
+          <Option name="pf_other_single">0</Option>
+          <Option name="pf_scrub_fragm_crop">False</Option>
+          <Option name="pf_scrub_fragm_drop_ovl">False</Option>
+          <Option name="pf_scrub_maxmss">1460</Option>
+          <Option name="pf_scrub_minttl">0</Option>
+          <Option name="pf_scrub_no_df">False</Option>
+          <Option name="pf_scrub_random_id">False</Option>
+          <Option name="pf_scrub_reassemble">False</Option>
+          <Option name="pf_scrub_reassemble_tcp">True</Option>
+          <Option name="pf_scrub_use_maxmss">False</Option>
+          <Option name="pf_scrub_use_minttl">False</Option>
+          <Option name="pf_set_adaptive">False</Option>
+          <Option name="pf_set_icmp_error">False</Option>
+          <Option name="pf_set_icmp_first">False</Option>
+          <Option name="pf_set_other_first">False</Option>
+          <Option name="pf_set_other_multiple">False</Option>
+          <Option name="pf_set_other_single">False</Option>
+          <Option name="pf_set_tcp_closed">False</Option>
+          <Option name="pf_set_tcp_closing">False</Option>
+          <Option name="pf_set_tcp_established">False</Option>
+          <Option name="pf_set_tcp_finwait">False</Option>
+          <Option name="pf_set_tcp_first">False</Option>
+          <Option name="pf_set_tcp_opening">False</Option>
+          <Option name="pf_set_udp_first">False</Option>
+          <Option name="pf_set_udp_multiple">False</Option>
+          <Option name="pf_set_udp_single">False</Option>
+          <Option name="pf_state_policy"></Option>
+          <Option name="pf_tcp_closed">0</Option>
+          <Option name="pf_tcp_closing">0</Option>
+          <Option name="pf_tcp_established">0</Option>
+          <Option name="pf_tcp_finwait">0</Option>
+          <Option name="pf_tcp_first">0</Option>
+          <Option name="pf_tcp_opening">0</Option>
+          <Option name="pf_timeout_frag">30</Option>
+          <Option name="pf_timeout_interval">10</Option>
+          <Option name="pf_udp_first">0</Option>
+          <Option name="pf_udp_multiple">0</Option>
+          <Option name="pf_udp_single">0</Option>
+          <Option name="prolog_place">fw_file</Option>
+          <Option name="prolog_script"></Option>
+          <Option name="scpArgs"></Option>
+          <Option name="script_name_on_firewall"></Option>
+          <Option name="solaris_ip_forward">1</Option>
+          <Option name="sshArgs"></Option>
+        </FirewallOptions>
+      </Firewall>
+      <Firewall id="id3120X3156" host_OS="openbsd" inactive="False" lastCompiled="1284659501" lastInstalled="0" lastModified="1296596710" platform="pf" version="" name="pf6" comment="" ro="False">
+        <NAT id="id3164X3156" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <NATRule id="id3166X3156" disabled="False" group="" position="0" action="Translate" comment="">
+            <OSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions/>
+          </NATRule>
+          <RuleSetOptions/>
+        </NAT>
+        <Policy id="id3133X3156" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <PolicyRule id="id3135X3156" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">True</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <RuleSetOptions/>
+        </Policy>
+        <Routing id="id3200X3156" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <RuleSetOptions/>
+        </Routing>
+        <Interface id="id3128X3156" dedicated_failover="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="le0" comment="" ro="False">
+          <IPv4 id="id3131X3156" name="pf6:le0:ip" comment="" ro="False" address="10.1.1.1" netmask="255.255.255.0"/>
+          <InterfaceOptions/>
+        </Interface>
+        <Management address="0.0.0.0">
+          <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
+          <FWBDManagement enabled="False" identity="" port="-1"/>
+          <PolicyInstallScript arguments="" command="" enabled="False"/>
+        </Management>
+        <FirewallOptions>
+          <Option name="accept_new_tcp_with_no_syn">True</Option>
+          <Option name="action_on_reject"></Option>
+          <Option name="activationCmd"></Option>
+          <Option name="admUser"></Option>
+          <Option name="altAddress"></Option>
+          <Option name="check_shading">True</Option>
+          <Option name="cmdline"></Option>
+          <Option name="compiler"></Option>
+          <Option name="conf_file">/tmp/pf.conf</Option>
+          <Option name="conf_file_name_on_firewall">/etc/pf.conf</Option>
+          <Option name="configure_carp_interfaces">False</Option>
+          <Option name="configure_interfaces">True</Option>
+          <Option name="configure_pfsync_interfaces">False</Option>
+          <Option name="configure_vlan_interfaces">False</Option>
+          <Option name="debug">False</Option>
+          <Option name="dynAddr">False</Option>
+          <Option name="eliminate_duplicates">True</Option>
+          <Option name="epilog_script"></Option>
+          <Option name="fallback_log">False</Option>
+          <Option name="firewall_dir">/etc</Option>
+          <Option name="generate_rc_conf_file">False</Option>
+          <Option name="generate_shell_script">True</Option>
+          <Option name="ignore_empty_groups">False</Option>
+          <Option name="in_out_code">true</Option>
+          <Option name="ipf_conf_file_name_on_firewall">/etc/path with space/ipf4-ipf.conf</Option>
+          <Option name="ipf_log_body">False</Option>
+          <Option name="ipf_log_facility"></Option>
+          <Option name="ipf_log_level"></Option>
+          <Option name="ipf_log_or_block">False</Option>
+          <Option name="ipf_nat_ekshell_proxy">False</Option>
+          <Option name="ipf_nat_ftp_proxy">False</Option>
+          <Option name="ipf_nat_h323_proxy">False</Option>
+          <Option name="ipf_nat_ipsec_proxy">False</Option>
+          <Option name="ipf_nat_irc_proxy">False</Option>
+          <Option name="ipf_nat_krcmd_proxy">False</Option>
+          <Option name="ipf_nat_pptp_proxy">False</Option>
+          <Option name="ipf_nat_raudio_proxy">False</Option>
+          <Option name="ipf_nat_rcmd_proxy">False</Option>
+          <Option name="ipf_return_icmp_as_dest">False</Option>
+          <Option name="ipv4_6_order">ipv4_first</Option>
+          <Option name="log_prefix">RULE %N -- %A </Option>
+          <Option name="loopback_interface">lo0</Option>
+          <Option name="manage_virtual_addr">True</Option>
+          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_ssh">False</Option>
+          <Option name="nat_conf_file_name_on_firewall">/etc/path with space/ipf4-nat.conf</Option>
+          <Option name="openbsd_ip_forward">1</Option>
+          <Option name="optimize">False</Option>
+          <Option name="output_file">/tmp/pf6.fw</Option>
+          <Option name="pass_all_out">false</Option>
+          <Option name="pf_adaptive_end">0</Option>
+          <Option name="pf_adaptive_start">0</Option>
+          <Option name="pf_do_limit_frags">False</Option>
+          <Option name="pf_do_limit_src_nodes">False</Option>
+          <Option name="pf_do_limit_states">False</Option>
+          <Option name="pf_do_limit_table_entries">False</Option>
+          <Option name="pf_do_limit_tables">False</Option>
+          <Option name="pf_do_scrub">False</Option>
+          <Option name="pf_do_timeout_frag">False</Option>
+          <Option name="pf_do_timeout_interval">False</Option>
+          <Option name="pf_flush_states">False</Option>
+          <Option name="pf_icmp_error">0</Option>
+          <Option name="pf_icmp_first">0</Option>
+          <Option name="pf_limit_frags">5000</Option>
+          <Option name="pf_limit_src_nodes">0</Option>
+          <Option name="pf_limit_states">10000</Option>
+          <Option name="pf_limit_table_entries">0</Option>
+          <Option name="pf_limit_tables">0</Option>
+          <Option name="pf_modulate_state">False</Option>
+          <Option name="pf_optimization"></Option>
+          <Option name="pf_other_first">0</Option>
+          <Option name="pf_other_multiple">0</Option>
+          <Option name="pf_other_single">0</Option>
+          <Option name="pf_scrub_fragm_crop">False</Option>
+          <Option name="pf_scrub_fragm_drop_ovl">False</Option>
+          <Option name="pf_scrub_maxmss">1460</Option>
+          <Option name="pf_scrub_minttl">0</Option>
+          <Option name="pf_scrub_no_df">False</Option>
+          <Option name="pf_scrub_random_id">False</Option>
+          <Option name="pf_scrub_reassemble">False</Option>
+          <Option name="pf_scrub_reassemble_tcp">True</Option>
+          <Option name="pf_scrub_use_maxmss">False</Option>
+          <Option name="pf_scrub_use_minttl">False</Option>
+          <Option name="pf_set_adaptive">False</Option>
+          <Option name="pf_set_icmp_error">False</Option>
+          <Option name="pf_set_icmp_first">False</Option>
+          <Option name="pf_set_other_first">False</Option>
+          <Option name="pf_set_other_multiple">False</Option>
+          <Option name="pf_set_other_single">False</Option>
+          <Option name="pf_set_tcp_closed">False</Option>
+          <Option name="pf_set_tcp_closing">False</Option>
+          <Option name="pf_set_tcp_established">False</Option>
+          <Option name="pf_set_tcp_finwait">False</Option>
+          <Option name="pf_set_tcp_first">False</Option>
+          <Option name="pf_set_tcp_opening">False</Option>
+          <Option name="pf_set_udp_first">False</Option>
+          <Option name="pf_set_udp_multiple">False</Option>
+          <Option name="pf_set_udp_single">False</Option>
+          <Option name="pf_state_policy"></Option>
+          <Option name="pf_tcp_closed">0</Option>
+          <Option name="pf_tcp_closing">0</Option>
+          <Option name="pf_tcp_established">0</Option>
+          <Option name="pf_tcp_finwait">0</Option>
+          <Option name="pf_tcp_first">0</Option>
+          <Option name="pf_tcp_opening">0</Option>
+          <Option name="pf_timeout_frag">30</Option>
+          <Option name="pf_timeout_interval">10</Option>
+          <Option name="pf_udp_first">0</Option>
+          <Option name="pf_udp_multiple">0</Option>
+          <Option name="pf_udp_single">0</Option>
+          <Option name="prolog_place">fw_file</Option>
+          <Option name="prolog_script"></Option>
+          <Option name="scpArgs"></Option>
+          <Option name="script_name_on_firewall">/etc/fw/pf6.fw</Option>
+          <Option name="solaris_ip_forward">1</Option>
+          <Option name="sshArgs"></Option>
+        </FirewallOptions>
+      </Firewall>
     </ObjectGroup>
     <IntervalGroup id="id1810X5592" name="Time" comment="" ro="False"/>
   </Library>